Securing Rest API in WSO2 ESB

Can we implement a secured API in WSO2 ESB and can we provide an existing user's credential, (as a header) who is in ESB's use store, to access it?
This scenario can be done in ESB Proxy: Guide by providing a policy file. Can't we do the same in API too, if not what is the reason behind that?

Answers

If you are going to secure the APIs using Oauth2 you can use Oauth mediator but if you looking to use basic auth you need to write a class mediator(Here is an old article,you can get brief idea on implementing basic auth class mediator even though details are outdated )